Wolfgang Rupprecht notes that net.inet.ip.directed-broadcast=0 doesn't
disable replies to icmp-to-broadcast.
In short, it's not supposed to.
That sysctl enables/disables the forwarding of IP-directed broadcasts.
In other words, if your NetBSD machine is a router, and directed-broadcast
is 0, IP-directed broadcasts will not be forwarded.
The "smurf" CERT advisory actually says this, but not in a very clear
way...
NetBSD does not currently have a way to disable replies to icmp-to-broadcast.
Such a thing could be implemented, but enabling it would break things
such as router discovery.
Jason R. Thorpe thorpej@nas.nasa.gov
NASA Ames Research Center Home: +1 408 866 1912
NAS: M/S 258-6 Work: +1 650 604 0935
Moffett Field, CA 94035 Pager: +1 415 428 6939
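
The distinction drawn in the message above, as an added example: a simplified C model of a router's input decision, not NetBSD kernel code and not part of the original message. The names (classify, struct iface, ROUTER) and the 192.0.2.0/24 and 198.51.100.0/24 addresses are constructed for illustration. The directed_broadcast argument stands in for the value of net.inet.ip.directed-broadcast.

```c
#include <stdint.h>
#include <stddef.h>
#include <stdio.h>

/* Simplified model (assumption, not NetBSD source): one IPv4 interface. */
struct iface { uint32_t addr, mask; };
enum verdict { DELIVER_LOCAL, FORWARD, DROP };

#define IP4(a,b,c,d) (((uint32_t)(a) << 24) | ((uint32_t)(b) << 16) | \
                      ((uint32_t)(c) << 8) | (uint32_t)(d))

/* Constructed sample router with two attached networks. */
static const struct iface ROUTER[2] = {
    { IP4(192, 0, 2, 1),    IP4(255, 255, 255, 0) },  /* index 0 */
    { IP4(198, 51, 100, 1), IP4(255, 255, 255, 0) },  /* index 1 */
};

static uint32_t bcast_of(const struct iface *i) { return i->addr | ~i->mask; }

/* What the router does with a packet for dst that arrived on ifs[rcv]. */
enum verdict classify(const struct iface *ifs, size_t n, size_t rcv,
                      uint32_t dst, int directed_broadcast)
{
    /* Limited broadcast, or the broadcast address of the network the packet
     * arrived on: handled locally (an ICMP echo gets a reply). The sysctl
     * value is never consulted on this path. */
    if (dst == 0xffffffffu || dst == bcast_of(&ifs[rcv]))
        return DELIVER_LOCAL;
    for (size_t i = 0; i < n; i++) {
        if (dst == ifs[i].addr)
            return DELIVER_LOCAL;              /* unicast to the router */
        /* Broadcast address of a different attached network: this is the
         * IP-directed broadcast that the sysctl gates. */
        if (i != rcv && dst == bcast_of(&ifs[i]))
            return directed_broadcast ? FORWARD : DROP;
    }
    return FORWARD;                            /* ordinary routed traffic */
}

int main(void)
{
    static const char *name[] = { "deliver locally", "forward", "drop" };
    uint32_t local = IP4(192, 0, 2, 255), remote = IP4(198, 51, 100, 255);
    for (int s = 0; s <= 1; s++)
        printf("sysctl=%d: local-net broadcast -> %s, directed broadcast -> %s\n",
               s, name[classify(ROUTER, 2, 0, local, s)],
               name[classify(ROUTER, 2, 0, remote, s)]);
    return 0;
}
```

With the setting at 0 the directed broadcast toward the other network is dropped, while a broadcast on the receiving network is delivered locally at either setting.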